Legal

Privacy Policy

Ipsonas Sporting Centre

Last updated 3/20/2026

1. Who We Are

This Privacy Policy explains how AFXENTIOU & KARAMANOS BODY POWER GYM. LIMITED (Company No. HE39502), trading as Ipsonas Sporting Center, collects and uses personal data in connection with its gym, swimming, membership, website, and mobile app services. Publicly available contact details for the business list 79 Agiou Georgiou Street, Ypsonas, Limassol, Cyprus, telephone +357 77 777172, and email **afxentiou.karamanos@cytanet.com.cy. Public listings also identify an official Ipsonas Sporting Center** mobile app and website presence associated with the center.

For the purposes of applicable data protection law, including the GDPR, the data controller is AFXENTIOU & KARAMANOS BODY POWER GYM. LIMITED.

2. Scope of This Policy

This Privacy Policy applies to personal data collected when you:

  • visit our premises;
  • become a member or enquire about membership;
  • book classes, swimming sessions, or other services;
  • contact us by phone, email, website form, or social media;
  • use our website;
  • use our mobile app;
  • participate in promotions, loyalty programs, or marketing communications.

3. The Personal Data We May Collect

Depending on how you interact with us, we may collect:

3.1 Identity and contact data

  • full name;
  • phone number;
  • email address;
  • postal address;
  • date of birth;
  • emergency contact details.

3.2 Membership and service data

  • membership status;
  • membership start/end dates;
  • renewal history;
  • class bookings;
  • attendance/check-in records;
  • loyalty or member QR code data;
  • account/profile information submitted through the app.

The currently published app description states that the app supports class bookings, digital loyalty card check-ins, membership tracking, and profile access.

3.3 Health and fitness data

Where relevant to training, swimming, fitness planning, or safe participation, we may collect limited health-related information that you choose to provide, such as:

  • fitness goals;
  • height/weight;
  • injuries;
  • medical conditions or restrictions;
  • other information relevant to safe exercise participation.

Health data is treated as special category data and will only be processed where there is a valid legal basis under GDPR.

3.4 Payment and transaction data

  • membership payment records;
  • invoices/receipts;
  • limited billing information;
  • other transaction-related details needed for accounting and payment administration.

3.5 CCTV and security data

If you visit our premises, your image may be captured by CCTV for security, safety, and incident-management purposes. The business’s published privacy materials expressly refer to CCTV footage for security purposes.

4. How We Collect Personal Data

We collect personal data:

  • directly from you when you register, contact us, purchase a membership, complete forms, or use the app;
  • from your use of our website and app;
  • from CCTV systems at our premises;
  • from service providers who support our business operations, where lawfully permitted;
  • from a parent or guardian where services are arranged for a child.

5. Why We Use Your Data

We may use your personal data to:

  • register and manage memberships;
  • provide gym, swimming, fitness, and related services;
  • manage bookings, attendance, renewals, and member accounts;
  • process payments and maintain accounting records;
  • communicate with you about memberships, schedules, service changes, or support requests;
  • provide training, wellness, or service information relevant to your membership;
  • maintain security and protect our premises, staff, and members;
  • operate and improve our website, app, and services;
  • send marketing communications where permitted by law and, where required, with your consent.

The company’s currently published privacy materials refer to memberships, payments, personalised fitness services, communications, security, and service improvement as core processing purposes.

6. Legal Bases for Processing

We process personal data on one or more of the following legal bases:

  • performance of a contract with you;
  • compliance with a legal obligation;
  • our legitimate interests, including facility security, service administration, fraud prevention, and operational improvement;
  • your consent, where consent is required, especially for certain marketing communications or special-category health data processing.

Where we rely on consent, you may withdraw it at any time. Withdrawal will not affect processing already carried out lawfully before withdrawal.

7. Special Category Data

Where we process health-related data, we do so only when necessary and lawful, for example:

  • where you explicitly provide it to us;
  • where it is needed to tailor training or participation safely;
  • where required to protect vital interests or comply with legal obligations;
  • where another GDPR condition for processing special-category data applies.

You should only provide health information that is necessary and relevant.

8. Cookies, Website, and App

Our website may use cookies and similar technologies to ensure functionality, improve user experience, analyse site traffic, and manage preferences. The publicly accessible site currently presents a cookies notice, and the public privacy page hosted for the business refers to cookies used for functionality and traffic analysis.

If you contact us through the website, your submitted details will be used to respond to your enquiry and administer the request.

If you use our mobile app, we may process account, booking, membership, loyalty-card, and profile data in order to provide app functionality. The current Google Play listing states that the app may collect personal info, that data is encrypted in transit, and that the developer declares no data is shared with third parties via the Play data-safety section.

9. Sharing of Personal Data

We may share personal data only where necessary, including with:

  • payment processors;
  • IT, hosting, app, website, and software support providers;
  • accountants, auditors, legal advisers, or other professional advisers;
  • regulators, courts, law enforcement, or public authorities where required by law;
  • insurers or safety/security advisers where relevant to an incident or claim.

We do not sell your personal data. The company’s published privacy materials also state that personal data is not sold or rented for third-party marketing.

10. International Transfers

Where any of our service providers process personal data outside Cyprus or the EEA, we will take appropriate steps to ensure lawful safeguards are in place, such as adequacy decisions or approved contractual protections.

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including to:

  • manage the membership relationship;
  • maintain business and accounting records;
  • comply with tax, legal, and regulatory obligations;
  • handle claims, complaints, and disputes;
  • maintain reasonable security records.

Different categories of data may be kept for different periods. When data is no longer needed, we will securely delete it or anonymise it where appropriate.

12. Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss, or misuse. These measures may include access controls, system security, restricted staff access, and secure handling procedures.

13. Your Rights

Subject to applicable law, you have the right to:

  • be informed about how your data is used;
  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data in certain circumstances;
  • request restriction of processing;
  • object to certain processing, including direct marketing;
  • request portability of data where applicable;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the competent supervisory authority.

The GDPR rights listed above are described by the European Commission, and complaints in Cyprus may be made to the Office of the Commissioner for Personal Data Protection.

14. Children’s Data

Where services are provided to children or minors, including swimming or youth-related activities, personal data should be provided by or with the authority of a parent or legal guardian. We may require parental/guardian details and consent where appropriate.

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact:

AFXENTIOU & KARAMANOS BODY POWER GYM. LIMITED Trading name: Ipsonas Sporting Center Address: 79 Agiou Georgiou Street, Ypsonas, Limassol, Cyprus Phone: +357 77 777172 Email: afxentiou.karamanos@cytanet.com.cy

You may also lodge a complaint with the supervisory authority in Cyprus:

Office of the Commissioner for Personal Data Protection Kypranoros 15, 1061 Nicosia, Cyprus Tel: +357 22 818456

16. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version should always be made available on our website, app, or at our premises, with the revised effective date shown at the top.